Commit ce6f84c0 authored by Cynthia Ng's avatar Cynthia Ng Committed by Etienne Baqué

Reword NameID format to be recommended

parent 0b03e040
...@@ -40,7 +40,7 @@ module Gitlab ...@@ -40,7 +40,7 @@ module Gitlab
def name_id_matches_identity! def name_id_matches_identity!
return unless name_id_changed? return unless name_id_changed?
message = s_('GroupSAML|must match stored NameID of "%{extern_uid}" as we use this to identify users. If the NameID changes users will be unable to sign in.') % { extern_uid: identity&.extern_uid } message = s_('GroupSAML|must match stored NameID of "%{extern_uid}" to identify user and allow sign in') % { extern_uid: identity&.extern_uid }
errors.add(:name_id, message) errors.add(:name_id, message)
end end
...@@ -48,13 +48,13 @@ module Gitlab ...@@ -48,13 +48,13 @@ module Gitlab
return if name_id_format.ends_with?(':persistent') return if name_id_format.ends_with?(':persistent')
return if name_id_format.ends_with?(':emailAddress') && name_id_is_email? return if name_id_format.ends_with?(':emailAddress') && name_id_is_email?
errors.add(:name_id_format, s_('GroupSAML|should be "persistent"')) errors.add(:name_id_format, s_('GroupSAML|"persistent" recommended'))
end end
def name_id_randomly_generated! def name_id_randomly_generated!
return unless name_id_is_new? && unreliable_name_id? return unless name_id_is_new? && unreliable_name_id?
errors.add(:name_id, s_('GroupSAML|should be a random persistent ID, emails are discouraged')) errors.add(:name_id, s_('GroupSAML|recommend persistent ID instead of email'))
end end
def unreliable_name_id? def unreliable_name_id?
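Review bot: In `name_id_randomly_generated!` the new text `recommend persistent ID instead of email` no longer says why an email NameID is a problem, and the method carries no comment that explains it either. The message in the first hunk shows that the stored NameID is what identifies the user at sign in, so a value that can change at the identity provider is presumably the risk; I would add a comment above the method such as `# NameID links the SAML response to the stored identity; an email can change, so warn when a new NameID looks unreliable.` Both softened messages are still recorded with `errors.add`, so it is worth confirming that whatever reads `errors` treats these two entries as advisory and not as a failed check. The body of `unreliable_name_id?` lies outside the hunk, so what counts as unreliable cannot be verified here.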
......
...@@ -30,7 +30,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::ResponseCheck do ...@@ -30,7 +30,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::ResponseCheck do
it 'warns that NameID has changed and will break sign in' do it 'warns that NameID has changed and will break sign in' do
expect(subject.errors[:name_id].join).to include('must match stored NameID') expect(subject.errors[:name_id].join).to include('must match stored NameID')
expect(subject.errors[:name_id].join).to include('unable to sign in') expect(subject.errors[:name_id].join).to include('allow sign in')
end end
end end
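Review bot: The example is still titled `warns that NameID has changed and will break sign in`, but its second expectation now matches only `'allow sign in'`, a fragment that says nothing about breakage. Either rename the example to fit the new wording or assert on a more specific fragment, for instance `include('to identify user and allow sign in')`, so the spec fails if the message drifts again. The enclosing context and its setup start outside the hunk, so the response fixture under test is not visible here.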
......
...@@ -16009,6 +16009,9 @@ msgstr "" ...@@ -16009,6 +16009,9 @@ msgstr ""
msgid "GroupRoadmap|Within 3 years" msgid "GroupRoadmap|Within 3 years"
msgstr "" msgstr ""
msgid "GroupSAML|\"persistent\" recommended"
msgstr ""
msgid "GroupSAML|%{strongOpen}Warning%{strongClose} - Enabling %{linkStart}SSO enforcement%{linkEnd} can reduce security risks." msgid "GroupSAML|%{strongOpen}Warning%{strongClose} - Enabling %{linkStart}SSO enforcement%{linkEnd} can reduce security risks."
msgstr "" msgstr ""
...@@ -16156,13 +16159,10 @@ msgstr "" ...@@ -16156,13 +16159,10 @@ msgstr ""
msgid "GroupSAML|as %{access_level}" msgid "GroupSAML|as %{access_level}"
msgstr "" msgstr ""
msgid "GroupSAML|must match stored NameID of \"%{extern_uid}\" as we use this to identify users. If the NameID changes users will be unable to sign in." msgid "GroupSAML|must match stored NameID of \"%{extern_uid}\" to identify user and allow sign in"
msgstr ""
msgid "GroupSAML|should be \"persistent\""
msgstr "" msgstr ""
msgid "GroupSAML|should be a random persistent ID, emails are discouraged" msgid "GroupSAML|recommend persistent ID instead of email"
msgstr "" msgstr ""
msgid "GroupSelect|No matching results" msgid "GroupSelect|No matching results"
......